Vulnerabilities > CVE-2018-1463 - Incorrect Authorization vulnerability in IBM products

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
ibm
CWE-863
NVD
Published: 2018-05-17
Updated: 2020-08-19

Summary

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368.

Vulnerable Configurations

Part Description Count
OS
Ibm
192
Hardware
Ibm
6
Application
Ibm
64

Common Weakness Enumeration (CWE)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/147601/ibmflashsystemstorwize-filereadxsrf.txt
idPACKETSTORM:147601
last seen2018-05-15
published2018-05-14
reporterJan Bee
sourcehttps://packetstormsecurity.com/files/147601/IBM-Flashsystem-Storwize-CSRF-Arbitrary-File-Read-Information-Disclosure.html
titleIBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure

References